I am running GnuTLS 3.1.16 as both client and server, with a python-gnutls wrapper extended to check for DANE certificate uses, here: https://www.had-pilot.com/dane/danelaw.html.
The GnuTLS server is running all 0xx and 1xx DANE certificate uses, serving a single end certificate per use. It runs 24/7 robustly. It can only be configured to take a single end certificate for the server handshake. When presented with a concatenation of PEM certs, it will send only the end cert in the server side handshake. This is curious, because the GnuTLS client will retrieve the full cert chain in communication with, e.g., the TLSlite server.

I tried this with gnutls-cli and gnutls-serv, configuring the server with a concatenated PEM chain, with the same result: only the end cert is delivered to the client.

Has this issue been fixed in subsequent versions of GnuTLS? Are there plans to fix it?

Cheers,
Stephen Nightingale, NIST.
